[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

(fwd) SERIOUS PGP BUG!

To: linux-delhi@xxxxxxxxxxxxxxxxxxxxx, linux-india-help@xxxxxxxxxxxxxxxxxxxxx
Subject: (fwd) SERIOUS PGP BUG!
From: Raju Mathur <raju@xxxxxxxxxxxxxxx>
Date: Fri, 25 Aug 2000 11:24:46 +0530 (IST)
Reply-to: raju@xxxxxxxxxxxxxxx

[Switch to GnuPG fast! -- Raju]

This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------

Approved-By: aleph1@xxxxxxxxxxxxxxxxx
Delivered-To: bugtraq@xxxxxxxxxxxxxxxxxxxxxxx
Received: from securityfocus.com (mail.securityfocus.com [207.126.127.78]) by
          lists.securityfocus.com (Postfix) with SMTP id 181431EFB5 for
          <bugtraq@xxxxxxxxxxxxxxxxxxxxxxx>; Thu, 24 Aug 2000 07:28:48 -0700
          (PDT)
Received: (qmail 25376 invoked by alias); 24 Aug 2000 14:29:52 -0000
Delivered-To: BUGTRAQ@xxxxxxxxxxxxxxxxx
Received: (qmail 25373 invoked from network); 24 Aug 2000 14:29:51 -0000
Received: from setec.org (207.99.30.242) by mail.securityfocus.com with SMTP;
          24 Aug 2000 14:29:51 -0000
Received: (from phosgene@localhost) by setec.org (8.8.8/8.8.8) id KAA29948;
          Thu, 24 Aug 2000 10:28:52 -0400 (EDT)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.NEB.4.10.10008241020110.29902-100000@xxxxxxxxx>
Reply-To: Phosgene <phosgene@xxxxxxxxx>
In-Reply-To:  <20000823211011.G24198@xxxxxxxxxxxxxxxx>
From: Phosgene <phosgene@xxxxxxxxx>
Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxxxxxxx>
To: BUGTRAQ@xxxxxxxxxxxxxxxxx
Subject:      SERIOUS PGP BUG!
Date:         Thu, 24 Aug 2000 10:28:51 -0400

In case you have not heard there is a serious bug in some versions of PGP
related to additonal decryption keys (ADK).
For more information look at John Young's site which details some of this:
http://cryptome.org/pgp-badbug.htm

Quoting from an email on the site:

"Tested versions of PGP:
PGP-2.6.3ia UNIX   (not vulnerable - doesn't support V4 signatures)
PGP-5.0i UNIX      (not vulnerable)
PGP-5.5.3i WINDOWS (VULNERABLE)
PGP-6.5.1i WINDOWS (VULNERABLE)
GnuPG-1.0.1 UNIX   (not vulnerable)"

A paper detailing an aspect of the vulnerability is written by Ralf
Senderek: http://senderek.de/security/key-experiments.html and his student
Stephen Early <Stephen.Early@xxxxxxxxxxxx> seems to have worked on
detailing this vulnerability as well on the ukcrypto mailing list.

Phosgene

------------------------------

End of this Digest
******************

Prev by Subject: (fwd) Security Update: sperl vulnerability
Next by Subject: (fwd) SuSE Security Announcement: rpc.kstatd (knfsd)
Previous by thread: zip format
Next by thread: (fwd) Re: SuSE Security Announcement: Netscape
Index(es):
- Subject
- Thread